Layer7 API Management

 View Only
  • 1.  Mismatching redirect_uri in OAuth 2.0 test client

    Broadcom Employee
    Posted May 02, 2017 02:17 AM



    I installed two Gateway 9.2 nodes(host1, host2) as cluster and setup nginx as load balancer on host3. I can login Policy Manager to operate well connecting to host3 with port 8443 which means the load balancer works well.

    Now I installed OTK 3.6 and followed the guide to update the two <YOUR_SSG> in callback URL as https://host3:8443 in Test 2.0 client.

    When I tried to open https://host3:8443/oauth/v2/client in browser, it was redirected to https://host3/oauth/v2/client/authcode  and can't find the site because the port is 443 in the redirected url. If I manually add port 8443 as https://host3:8443/oauth/v2/client/authcode and tried to open, the page can be opened. Then I will get error_description: Mismatching redirect_uri. Given: 'https://host3:443/oauth/v2/client/authcode' if I click the "INITIATE" button to initiate a new OAuth handshake.


    So the issue is that the port was set to 443 in the redirect url. Does anyone have idea how to fix it?


    If I access the test client with Gateway node1(https://host1:8443/oauth/v2/client) directly, the port in the redirect url is 8443. I didn't add any 443 listener in nginx conf file. 




  • 2.  Re: Mismatching redirect_uri in OAuth 2.0 test client

    Posted May 02, 2017 02:26 AM

    is your cluster hostname  same as host3

  • 3.  Re: Mismatching redirect_uri in OAuth 2.0 test client

    Broadcom Employee
    Posted May 02, 2017 02:40 AM


    Yes, the cluster.hostname is host3.

    I did more test just now. It may be related with the nginx. I created one simple web API named test1 to print ${request.url.protocol}://${}:${request.url.port}${request.url.path} in the response. My request is https://host3:8443/test1 but the response is https://host3:443/test1.

    The question is that Gateway is listening on 8443 port and can respond but why the ${request.url.port} is 443 ? I haven't found the solution. 

    I already simplified the nginx conf to forward request to one Gateway node(host1) already:

        server {
            listen       8443 ssl;


            ssl_certificate      gwhttpd.crt;
            ssl_certificate_key  gwhttpd.key;


            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  10m;


            ssl_prefer_server_ciphers  on;


            location / {
                 proxy_pass https://host1:8443;  
                 proxy_set_header Host $host;
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header X-Forwarded-Proto $scheme;

  • 4.  Re: Mismatching redirect_uri in OAuth 2.0 test client
    Best Answer

    Broadcom Employee
    Posted May 02, 2017 03:31 AM

    Issue was resolved by changing

    proxy_set_header Host $host;


    proxy_set_header Host $http_host;

    In the nginx.conf file.


    $host is the cluster hostname only and doesn't include port in the request header so Gateway will use port 443 by default. $http_host includes both hostname and port so Gateway will get the original port 8443 from the header.